Abstract

This document updates RFC 6265 by defining a "SameSite" attribute
which allows servers to assert that a cookie ought not to be sent
along with cross-site requests. This assertion allows user agents to
mitigate the risk of cross-origin information leakage, and provides
some protection against cross-site request forgery attacks.